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Disposition of Claims 

4) E3 Claim(s) 1-21 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) Q Claim(s) is/are allowed. 
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Application Papers 
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DETAILED ACTION 

1. Claims 1-21 are pending in this application. 

2. Claims 1, 2, 8-9 and 15-21 are presently amended. 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office Action. 

Claim Rejections - 35 USC § 103 

4. Claims 1-5, 7-12, 14-19 and 21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Shefi (Patent No.: US 6,445794 B1) in view of Hattick et al. (Pub. 
No.: US 2003/0112972 A1) (hereinafter "Hattick"). 

5. As to claim 1 , Shefi disclose a system for authenticating a client device 
requesting a session of service from a service provider (abstract), comprising: 

at least two matching one-time pad cryptological tables (column 4, lines 5-15, 
"...an identical electronic one-time pad at a first location and at a second location"), a 
first of which is stored in a client device ('.'a first electronic device" - e.g. column 4, lines 
5-20), and a second of which is accessible by a service security server ("a second 
electronic device" - e.g. column 4, lines 5-15), each table having multiple entries 
(column 11, lines 13-30, "...a true number is selected from at least one table containing 
true random number is selected from at least one table containing true random 
numbers..."), each entry including a field for a indicator of previous use (column 1 1 , 
lines 10-30, "..table containing true random numbers according to a pointer"), said 
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previous use indicator for each entry being initialized in an "unused" state (Shefi 
teaching this concept by selecting true random number that is identical at all locations - 
e.g. column 11, lines 10-30), each row containing at least one pad value ("random 
number" -e.g. column 11, lines 10-.30); 

Shefi doesn't explicitly disclose a code exchanger for receiving a pad value from 
said client device by said service security server upon request for initiation of a service 
session; a code comparator for determining if said received pad value is marked as 
"used" or "unused" in said second table; a service session grantor configured to grant 
said service request responsive to determination that said received pad value is 
unused, including changing said used indicator to a "used" state upon said grant of 
service; and a client device reconfigurator adapted to challenge said user of said client 
device responsive to determining that said received pad value is marked as "used", and 
to replace said first and second tables with new, synchronized tables responsive to 
successful response by said user to said challenge, completing authentication of said 
client device without the peed for a service history counter. 

However, Hattick discloses a code exchanger for receiving a pad value from said 
client device by said service security server upon request for initiation of a service 
session ([0017], [0023]); a code comparator for determining if said received value is 
marked as "used" or "unused" in said second table ([0019], lines 9-17); a service 
session grantor configured to grant said service request responsive to determination 
that said received value is unused ([0023]-[0024]), including changing said used 
indicator to a "used" state upon said grant of service ([0019], lines 9-17); and a client 
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device reconfigurator adapted to challenge said user of said client device responsive to 
determining that said received value is marked as "used" ([0017], [0019], [0023]), and to 
replace said first and second tables with new, synchronized tables responsive to 
successful response by said user to said challenge, completing authentication of said 
client device without the need for a service history counter ([0017], [0019], [0023]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Shefi as taught by Hattick in 
order to provide low cost provable secure authentication of remote devices. 

6. As to claims 8 and 15, these are rejected using the same rationale as for the 
rejection of claim 1 . 

7. As to claim 2, Shefi discloses wherein: said one-time pad cryptological tables 
further comprise a sequence index (column 11, lines 10-30, "..table containing true 
random numbers according to a pointer"). Shefi doesn't explicitly disclose said code 
comparator is further configured to determine if said received pad value is a next 
unused pad according to said sequence indicators; said session grantor is configured to 
grant a session only if said received pad is a next expected pad value; and said client 
device reconfigurator is adapted to respond to said received pad value not being a next 
expected pad value. 

However, Hattick discloses said code comparator is further configured to 
determine if said received pad value is a next unused pad according to said sequence 
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indicators; said session grantor is configured to grant a session only if said received pad 
is a next expected pad value; and said client device reconfigurator is adapted to 
respond to said received pad value not being a next expected pad value ([0019], 
[0023]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Shefi as taught by Hattick in 
order to provide low cost provable secure authentication of remote devices. 

8. As to claims 9 and 16, these are rejected using the same rationale as for the 
rejection of claim 2. 

9. As to claim 3, Shefi discloses wherein said code exchanger comprises at least 
one communications network selected from the group of a telephone network, a 
wireless data network, a Local Area Network, a Wide Area Network, and an Internet 
(column 19, lines 28-36). 

1 0. As to claims 1 0 and 17, these are rejected using the same rationale as for the 
rejection of claim 3. 

11. As to claim 4, Shefi doesn't explicitly disclose wherein client device 
reconfigurator is adapted to challenge said user with one or more methods selected 
from the group of requiring a user name input, requiring a password input, requiring an 
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account number input, requiring an answer to a secret question, and requiring a user- 
designated response. 

However, Hattick discloses wherein client device reconfigurator is adapted to 
challenge said user with one or more methods selected from the group of requiring a 
user name input, requiring a password input, requiring an account number input, 
requiring an answer to a secret question, and requiring a user-designated response 
([0021]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Shefi as taught by Hattick in 
order to provide integrity protection of signaling messages and on user traffic 
confidentiality over the wireless network. 

12. As to claims 1 1 and 18, these are rejected using the same rationale as for the 
rejection of claim 4. 

13. As to claim 5, Shefi discloses one-time pad cryptological table (column 4, lines 5- 
15). However Shefi doesn't explicitly disclose further comprise an expiration field for 
each entry; said code comparator is further configured to determine if said received pad 
is expired; said session grantor is configured to grant a session only if said received pad 
is unexpired; and said client device reconfigurator is adapted to respond to said 
received pad being expired. 
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However, Hattick discloses further comprise an expiration field for each entry 
([0019], [0021]); said code comparator is further configured to determine if said received 
pad is expired ([0019], [0021]); said session grantor is configured to grant a session 
only if said received pad is unexpired ([0019], [0021]); and said client device 
reconfigurator is adapted to respond to said received pad being expired ([0019], [0021]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Shefi as taught by Hattick in 
order to provide integrity protection of signaling messages and on user traffic 
confidentiality over the wireless network. 

14. As to claims 12 and 19, these are rejected using the same rationale as for the 
rejection of claim 5. 

15. As to claim 7, Shefi doesn't explicitly disclose wherein said service session 
grantor is further configured to require a second step of acknowledgment between said 
service security server and said client device before said entry is marked as "used". 
However, Hattick discloses wherein said service session grantor is further configured to 
require a second step of acknowledgment between said service security server and said 
client device before said entry is marked as "used" ([0019], [0021], [0023]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Shefi as taught by Hattick in 
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order to provide integrity protection of signaling messages and on user traffic 
confidentiality over the wireless network. 

16. As to claims 14 and 21, these are rejected using the same rationale as for the 
rejection of claim 7. 

17. Claims 6, 13 and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Shefi in view of Hattick and further in view of Douceur et al. (Patent Number: 
6,021 ,203), hereinafter "Douceur". 

18. As to claim 6, neither Shefi nor Hattick explicitly discloses wherein said client 
device reconfigurator is adapted to replace said tables using a secure replacement 
method. However, Douceur discloses replacing tables using a secure replacement 
method (abstract, "secure channel"). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Shefi and Hattick as taught by 
Douceur in order to increase the confidentiality and integrity of the data. Furthermore, 
one would be motivated to do so to transmit data over the public network. 

19. As to claims 13 and 20, these are rejected using the same rationale as for the 
rejection of claim 6. 
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20. Examiner's note: Examiner has cited particular columns and line numbers in the . 
references as applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the teachings in the art and are 
applied to the specific limitations within the individual claim, other passages and figures 
may be applied as well. It is respectfully requested from the applicant, in preparing the 
responses, to fully consider the references in entirety as potentially teaching all or part 
of the claimed invention as well as the context of the passage as taught by the prior art 
or disclosed by the examiner. 

Response to Amendment 

21 . Applicant has amended claims 1,2,8-9 and 15-21, which necessitated new 
ground of rejections. See rejection above. 

Conclusion 

22. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
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shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

23. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Suman Debnath whose telephone number is 571 270 
1256. The examiner can normally be reached on 8 am to 5 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on 571 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Sen/ice Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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